Mozilla security researcher moz_bug_r_a4 reported that certain security checks in the location object can be bypassed if chrome code is called content in a specific manner. This allowed for the loading of restricted content. This can be combined with other issues to become potentially exploitable.
Reference:
http://www.mozilla.org/security/announce/2012/mfsa2012-70.html
Acknowledgements:
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security Mozilla security researcher moz_bug_r_a4 as the original reporter.